Sign-up

ID

VAR-201905-1186


CVE

CVE-2019-0982


TITLE

ASP.NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-003823

DESCRIPTION

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. An attacker can exploit this issue to cause a denial of service condition

Trust: 3.06

sources: NVD: CVE-2019-0982 // JVNDB: JVNDB-2019-003823 // CNVD: CNVD-2020-20378 // CNNVD: CNNVD-201905-393 // BID: 108208 // VULMON: CVE-2019-0982

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20378

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.2

Trust: 2.7

vendor:microsoftmodel:asp.net corescope:eqversion:2.1

Trust: 2.7

sources: CNVD: CNVD-2020-20378 // BID: 108208 // JVNDB: JVNDB-2019-003823 // NVD: CVE-2019-0982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0982
value: HIGH

Trust: 1.0

NVD: CVE-2019-0982
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-20378
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-393
value: HIGH

Trust: 0.6

VULMON: CVE-2019-0982
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0982
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-20378
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-0982
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-20378 // VULMON: CVE-2019-0982 // JVNDB: JVNDB-2019-003823 // CNNVD: CNNVD-201905-393 // NVD: CVE-2019-0982

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.8

sources: JVNDB: JVNDB-2019-003823 // NVD: CVE-2019-0982

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-393

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-393

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003823

PATCH
title:CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982
Trust: 0.8
title:CVE-2019-0982 | ASP.NET Core のサービス拒否の脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0982
Trust: 0.8
title:Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-20378)url:https://www.cnvd.org.cn/patchInfo/show/211635
Trust: 0.6
title:Microsoft ASP.NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92543
Trust: 0.6
title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-20378 // 
            
            
            
            VULMON: CVE-2019-0982 // 
            
            
            
            JVNDB: JVNDB-2019-003823 // 
            
            
            
            CNNVD: CNNVD-201905-393

EXTERNAL IDS
db:NVDid:CVE-2019-0982
Trust: 3.4
db:BIDid:108208
Trust: 1.0
db:JVNDBid:JVNDB-2019-003823
Trust: 0.8
db:CNVDid:CNVD-2020-20378
Trust: 0.6
db:CNNVDid:CNNVD-201905-393
Trust: 0.6
db:VULMONid:CVE-2019-0982
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-20378 // 
            
            
            
            VULMON: CVE-2019-0982 // 
            
            
            
            BID: 108208 // 
            
            
            
            JVNDB: JVNDB-2019-003823 // 
            
            
            
            CNNVD: CNNVD-201905-393 // 
            
            
            
            NVD: CVE-2019-0982

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0982
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-0982
Trust: 1.4
url:https://www.securityfocus.com/bid/108208
Trust: 1.3
url:http://www.microsoft.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0982
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2019/at190023.html
Trust: 0.8
url:https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/19.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108208
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-20378 // 
            
            
            
            VULMON: CVE-2019-0982 // 
            
            
            
            BID: 108208 // 
            
            
            
            JVNDB: JVNDB-2019-003823 // 
            
            
            
            CNNVD: CNNVD-201905-393 // 
            
            
            
            NVD: CVE-2019-0982

CREDITS
Microsoft.
Trust: 0.9
sources:
            
            
            BID: 108208 // 
            
            
            
            CNNVD: CNNVD-201905-393

SOURCES
db:CNVDid:CNVD-2020-20378
db:VULMONid:CVE-2019-0982
db:BIDid:108208
db:JVNDBid:JVNDB-2019-003823
db:CNNVDid:CNNVD-201905-393
db:NVDid:CVE-2019-0982

LAST UPDATE DATE
2024-08-14T15:12:48.468000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20378date:2020-03-31T00:00:00
db:VULMONid:CVE-2019-0982date:2019-05-20T00:00:00
db:BIDid:108208date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003823date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-393date:2019-05-24T00:00:00
db:NVDid:CVE-2019-0982date:2019-05-20T12:38:21.333

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20378date:2020-03-31T00:00:00
db:VULMONid:CVE-2019-0982date:2019-05-16T00:00:00
db:BIDid:108208date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003823date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-393date:2019-05-14T00:00:00
db:NVDid:CVE-2019-0982date:2019-05-16T19:29:05.083